Cisco 870 - VPN - DMZ in four countries : Is it the way to Hell or Heaven ?

Discussion in 'Cisco' started by thorkil.johansen@gmail.com, Sep 17, 2007.

Guest

Hi

One year ago I was so tired of my Novell VPN that I replaced it with 4
Cisco 870 (Copenhagen, Bordeaux, Gothenburg, Helsinki).
I chose Cisco because I wanted to have some equipment where I could
be sure of some professional assistance. I have never used Cisco before, and
I have the feeling that now I would experience how a hi-end solution
should be.

It has been a very negative experience to learn how a Cisco product
like the 870 is handled by both Cisco and the partners. My (high)
expectations have not been met at all.

Now I have to reboot the main Cisco three times a week (often during
the week-end) and the company that helps me seems to have no clue
about what is going on.

I really want to get in contact with a Cisco consultant who works in a
structured manner.
I don't care which country he works in. As long as he has a bank
account I will pay.

I got this 4 times on the syslog a minute before the crash:
2007-09-06 08:19:03 Local7.Warning 10.45.1.11 65571: 065569: Sep 6
2007 08:19:03: %IP_VFR-4-FRAG_TABLE_OVERFLOW: BVI1: the fragment table
has reached its maximum threshold 16


Guest

On 17 Sep, 21:23, wrote:
> Hi
>
> One year ago I was so tired of my Novell VPN that I replaced it with 4
> Cisco 870 (Copenhagen, Bordeaux, Gothenburg, Helsinki).
> I chose Cisco because I wanted to have some equipment where I could
> be sure of some professional assistance. I have never used Cisco before, and
> I have the feeling that now I would experience how a hi-end solution
> should be.
>
> It has been a very negative experience to learn how a Cisco product
> like the 870 is handled by both Cisco and the partners. My (high)
> expectations have not been met at all.
>
> Now I have to reboot the main Cisco three times a week (often during
> the week-end) and the company that helps me seems to have no clue
> about what is going on.
>
> I really want to get in contact with a Cisco consultant who works in a
> structured manner.
> I don't care which country he works in. As long as he has a bank
> account I will pay.
>
> Does anyone know a very good Cisco consultant?
>
> Regards
> Thorkil Johansen
>
> I have a console connected:
> %SYS-2-NOTQ: unqueue didn't find 0 in queue 82AB3E00 -Process=
> "<interrupt level>", ipl= 2, pid= 73 -Traceback= 0x8077CCD8 0x803BF92C
> 0x803C4FBC 0x803CD13C 0x803CD51C 0x803D1A6C 0x8016DAA8 0x80162000
> 0x80164758 0x8016732C 0x80023AA4 0x80105350 0x80105350 0x80023B64
> 0x80B7A5C4 0x80B7A490
>
> I got this 4 times on the syslog a minute before the crash:
> 2007-09-06 08:19:03 Local7.Warning 10.45.1.11 65571: 065569: Sep 6
> 2007 08:19:03: %IP_VFR-4-FRAG_TABLE_OVERFLOW: BVI1: the fragment table
> has reached its maximum threshold 16

Sorry to say it but I have had a rather negative experience
with the 870.

In my view it is not a business class product 'yet?' due
to software instability under decent load.

We are presently using 2801 as a minimum
for business links and have had no trouble at all.
I suspect that the 1800 will be OK but we don't use enough
to justify extensive testing of them and our customers
are prepared to pay for the 2801 so it's not something
that we have tried.

Having said that the more recent software seems
to be giving us less trouble (we still use the 8[57]0
for "home" VPNs) so maybe it's fixed now.

The traceback is the result of a software crash
and such things simply :-) indicate a bug. You must
either work around the bug or get a software upgrade.

The other one (fragment table thing) is the result
of insufficient resources for the traffic offered.
I think that the limit can be raised to 32. This router
is not really, I don't think, up to such processing and I
would disable that facility if possible.

Getting the right response from TAC is not always
straightforward but if you push the right buttons
in the right order then I have found that I get the
result that I want, however at one time I did a
lot of work with them. Clearly if the router has
bugs then they can't fix it.

Thing is though; a decent independent consultant
is going to want enough to buy a few 870s for a
day's work. This is where your model falls into
trouble. Even if your network is completely
straightforward, to upgrade 4 routers remotely,
study the configs, come up with some suggestions,
implement and test is looking at more than a day's work
I would say. Then there is the potential for liability for
subsequent problems up to and not excluding some sort of
VPN security problem. hmmmmmm.
Interesting.


The word traceback in the output almost always indicates an IOS
software bug.

Post the output of "show version" so responders will know what IOS
version is being used on the hub site 870.

Short term you should probably find someone locally who can upgrade
the IOS version for you, assuming you have a SmartNet support contract
for the Cisco 870. The configuration may also need to be modified
based on your current issue.

The traffic being received by the hub site 870 may have exceeded its
capabilities and then you would need to look at a suitable
replacement.
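
A log check for the fragment-table warning discussed in this thread, added here as an example and not posted by any participant: it parses lines in the collector format quoted above and flags bursts of %IP_VFR-4-FRAG_TABLE_OVERFLOW per router interface, the pattern the original post reports seeing before a crash. The function name, the sample lines and the four-in-60-seconds threshold are assumptions modelled on that post.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Collector format quoted in the thread:
# "<date> <time> <facility.level> <source IP> ... %FAC-SEV-MNEMONIC: <text>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ (?P<host>\S+) .*?"
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnem>[A-Z0-9_]+): (?P<text>.*)$")
VFR_RE = re.compile(r"^(?P<ifname>\S+): the fragment table has reached "
                    r"its maximum threshold (?P<limit>\d+)")

def _line(t, msg):
    # Builds a constructed log line in the thread's format (made-up times).
    return (f"2007-09-06 {t} Local7.Warning 10.45.1.11 65571: 065569: "
            f"Sep 6 2007 {t}: {msg}")

OVF = ("%IP_VFR-4-FRAG_TABLE_OVERFLOW: BVI1: the fragment table "
       "has reached its maximum threshold 16")
# Constructed sample: one isolated overflow, one unrelated message,
# then four overflows inside a minute.
SAMPLE = [
    _line("07:00:00", OVF),
    _line("08:18:05", "%LINK-3-UPDOWN: Interface FastEthernet0, changed state to up"),
    _line("08:18:10", OVF), _line("08:18:25", OVF),
    _line("08:18:40", OVF), _line("08:19:03", OVF),
]

def find_overflow_bursts(lines, min_events=4, window=timedelta(seconds=60)):
    """Return (host, interface, limit, first_ts, last_ts) whenever one
    interface logs `min_events` overflow warnings inside `window`."""
    recent = defaultdict(deque)  # (host, interface) -> timestamps in window
    bursts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or (m["fac"], m["mnem"]) != ("IP_VFR", "FRAG_TABLE_OVERFLOW"):
            continue
        v = VFR_RE.match(m["text"])
        if not v:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[(m["host"], v["ifname"])]
        q.append(ts)
        while ts - q[0] > window:  # drop events older than the window
            q.popleft()
        if len(q) == min_events:   # report each time the window fills up
            bursts.append((m["host"], v["ifname"], int(v["limit"]), q[0], ts))
    return bursts
```

Calling `find_overflow_bursts(SAMPLE)` reports one burst on BVI1; the reported limit field shows which threshold the router was running with when the table filled.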
